Solid and Infrastructure as Code

Applying SOLID
Principles to
Infrastructure as Code
@attachmentgenie

~$ whoami~$ whoami
● I used to be a Molecular Biologist,I used to be a Molecular Biologist,
● Then became a Dev,Then became a Dev,
● Now an Ops.Now an Ops.
● Open Source Consultant @Open Source Consultant @inuits.euinuits.eu

classclass webserver {webserver {
include apacheinclude apache
apache::vhost {apache::vhost { 'vhost.example.com''vhost.example.com'::
port =>port => '80''80',,
docroot =>docroot => '/var/www/vhost''/var/www/vhost',,
}}
include ::phpinclude ::php
classclass {{ '::mysql::server''::mysql::server'::
root_password =>root_password => 'secret''secret',,
}}
classclass {{ '::mysql::server::account_security''::mysql::server::account_security': }: }
classclass {{ '::mysql::client''::mysql::client': }: }
mysql::db {mysql::db { 'mydb''mydb'::
user =>user => 'myuser''myuser',,
password =>password => 'mypass''mypass',,
host =>host => 'localhost''localhost',,
grant => [grant => ['SELECT''SELECT',, 'UPDATE''UPDATE']],,
}}
include ::firewallinclude ::firewall
firewall{firewall{'http''http'::
dport =>dport => '80''80',,
proto =>proto => 'tcp''tcp',,
action =>action => 'accept''accept',,
}}

Roles & ProfilesRoles & Profiles
● Component modules — Modules that manageComponent modules — Modules that manage
one particular technology, for exampleone particular technology, for example
puppetlabs/apache.puppetlabs/apache.
● Profiles — Wrapper classes that use (multiple)Profiles — Wrapper classes that use (multiple)
component modules to configure a layeredcomponent modules to configure a layered
technology stack.technology stack.
● Roles — Wrapper classes that use multipleRoles — Wrapper classes that use multiple
profiles to build a complete systemprofiles to build a complete system
configuration.configuration.
https://www.craigdunn.org/2012/05/239/https://www.craigdunn.org/2012/05/239/

Roles & Profiles - TLDRRoles & Profiles - TLDR
● Component modules — Resources definitions.Component modules — Resources definitions.
● Profiles — Your company specificProfiles — Your company specific
implementation.implementation.
● Roles — Bussiness role.Roles — Bussiness role.

classclass roles::webserver {roles::webserver {
include profiles::apacheinclude profiles::apache
include profiles::mysqlinclude profiles::mysql
}}

include ::profiles::apacheinclude ::profiles::apache
}}
classclass roles::database {roles::database {
include ::profiles::mysqlinclude ::profiles::mysql
}}

● First approach: Granular rolesFirst approach: Granular roles
● Second approach: Conditional logicSecond approach: Conditional logic
● Third approach: Nested rolesThird approach: Nested roles
● Fourth approach: Multiple roles per nodeFourth approach: Multiple roles per node
● Fifth approach: Super profilesFifth approach: Super profiles
● Sixth approach: Building roles in the nodeSixth approach: Building roles in the node
classifierclassifier
https://puppet.com/docs/pe/2017.3/managinghttps://puppet.com/docs/pe/2017.3/managing
_nodes/designing_convenient_roles.html_nodes/designing_convenient_roles.html

““loose coupling, high cohesion”loose coupling, high cohesion”
Unknown?Unknown?

classclass roles::allinone {roles::allinone {
include ::profiles::apacheinclude ::profiles::apache
include ::profiles::mysqlinclude ::profiles::mysql
}}

Design PatternsDesign Patterns

Model View ControllerModel View Controller
● The model is the central component of theThe model is the central component of the
pattern. It expresses the application's behaviorpattern. It expresses the application's behavior
in terms of the problem domain, independent ofin terms of the problem domain, independent of
the user interface.[6] It directly manages thethe user interface.[6] It directly manages the
data, logic and rules of the application.data, logic and rules of the application.
● The controller, accepts input and converts it toThe controller, accepts input and converts it to
commands for the model or view.commands for the model or view.
● A view can be any output representation ofA view can be any output representation of
information, such as a chart or a diagram.information, such as a chart or a diagram.
Multiple views of the same information areMultiple views of the same information are
possible, such as a bar chart for managementpossible, such as a bar chart for management
and a tabular view for accountants.and a tabular view for accountants.

MVC -TLDRMVC -TLDR
● Model: heavy lifting partModel: heavy lifting part
● Controller: Logic flow coordinatorController: Logic flow coordinator
● View: Consumable render of dataView: Consumable render of data

R&P vs MVCR&P vs MVC
● Component modules — Resources definitions.Component modules — Resources definitions.
● Profiles — Your company specificProfiles — Your company specific
implementation.implementation.
● Roles — Bussiness role.Roles — Bussiness role.
● Model: heavy lifting partModel: heavy lifting part
● Controller: Flow coordinatorController: Flow coordinator
● View: Consumable render of dataView: Consumable render of data

OO - Objective OrientedOO - Objective Oriented
● Objects and classesObjects and classes
● Dynamic dispatch/message passingDynamic dispatch/message passing
● EncapsulationEncapsulation
● Composition, inheritance, and delegationComposition, inheritance, and delegation
● PolymorphismPolymorphism
● Open recursionOpen recursion

SOLID PrincipleSOLID Principle
mnemonic acronym for five design principlesmnemonic acronym for five design principles
intended to make software designs moreintended to make software designs more
understandable, flexible and maintainableunderstandable, flexible and maintainable
Robert C. Martin, 2002Robert C. Martin, 2002

SOLID PrincipleSOLID Principle
SS — Single Responsibility Principle— Single Responsibility Principle
OO— Open-Closed Principle— Open-Closed Principle
LL — Liskov Substitution Principle— Liskov Substitution Principle
II — Interface Segregation Principle— Interface Segregation Principle
DD — Dependency Inversion Principle— Dependency Inversion Principle

Single Responsibility PrincipleSingle Responsibility Principle
““A class should have one, and only one,A class should have one, and only one,
reason to change”reason to change”

Open-Closed PrincipleOpen-Closed Principle
““You should be able to extend a class’sYou should be able to extend a class’s
behavior, without modifying it”behavior, without modifying it”

classclass profiles::website::apache (profiles::website::apache (
BooleanBoolean $default_mods$default_mods == truetrue,,
BooleanBoolean $default_vhost$default_vhost == falsefalse,,
HashHash $modules$modules = {}= {},,
StringString $mpm_module$mpm_module == 'prefork''prefork',,
BooleanBoolean $purge_configs$purge_configs == falsefalse,,
BooleanBoolean $purge_vhost_dir$purge_vhost_dir == falsefalse,,
HashHash $vhosts$vhosts = {}= {},,
) {) {
classclass {{ '::apache''::apache'::
default_mods =>default_mods => $default_mods$default_mods,,
default_vhost =>default_vhost => $default_vhost$default_vhost,,
mpm_module =>mpm_module => $mpm_module$mpm_module,,
purge_configs =>purge_configs => $purge_configs$purge_configs,,
purge_vhost_dir =>purge_vhost_dir => $purge_vhost_dir$purge_vhost_dir,,
}}
create_resources(create_resources('apache::mod''apache::mod',, $modules$modules))
create_resources(create_resources('apache::vhost''apache::vhost',, $vhosts$vhosts))
}}

YAML programmingYAML programming
profiles::website::apache::vhosts:profiles::website::apache::vhosts:
'icinga.alerting.vagrant':'icinga.alerting.vagrant':
port:port: 8080
docroot:docroot: '/usr/share/icingaweb2/public''/usr/share/icingaweb2/public'
directories:directories:
-- 'icingaweb':'icingaweb':
path:path: '/usr/share/icingaweb2/public''/usr/share/icingaweb2/public'
directoryindex:directoryindex: 'index.php''index.php'
options:options:
-- 'SymLinksIfOwnerMatch''SymLinksIfOwnerMatch'
setenv:setenv:
-- 'ICINGAWEB_CONFIGDIR "/etc/icingaweb2"''ICINGAWEB_CONFIGDIR "/etc/icingaweb2"'
rewrites:rewrites:
-- 'icingaweb':'icingaweb':
comment:comment: 'Icingaweb2''Icingaweb2'
rewrite_base:rewrite_base: '/icingaweb2''/icingaweb2'
rewrite_cond:rewrite_cond:
-- '%%{}{REQUEST_FILENAME} -s [OR]''%%{}{REQUEST_FILENAME} -s [OR]'
-- '%%{}{REQUEST_FILENAME} -l [OR]''%%{}{REQUEST_FILENAME} -l [OR]'
-- '%%{}{REQUEST_FILENAME} -d''%%{}{REQUEST_FILENAME} -d'
rewrite_rule:rewrite_rule:
-- '^.*$ - [NC,L]''^.*$ - [NC,L]'
-- 'php':'php':
comment:comment: 'PHP''PHP'
rewrite_rule:rewrite_rule:
-- '^.*$ index.php [NC,L]''^.*$ index.php [NC,L]'
setenvif:setenvif:
-- 'Authorization "(.*)" HTTP_AUTHORIZATION=$1''Authorization "(.*)" HTTP_AUTHORIZATION=$1'
aliases:aliases:
-- '/icingaweb2':'/icingaweb2':
alias:alias: '/icingaweb2''/icingaweb2'
path:path: '/usr/share/icingaweb2/public''/usr/share/icingaweb2/public'
redirectmatch_regexp:redirectmatch_regexp: '^/$''^/$'
redirectmatch_dest:redirectmatch_dest: '/icingaweb2''/icingaweb2'
custom_fragment:custom_fragment: ||
<LocationMatch "^/icingaweb2/(.*.php)$"><LocationMatch "^/icingaweb2/(.*.php)$">
ProxyPassMatch "fcgi://127.0.0.1:9000/usr/share/icingaweb2/public/$1"ProxyPassMatch "fcgi://127.0.0.1:9000/usr/share/icingaweb2/public/$1"
</LocationMatch></LocationMatch>

Circuit BreakerCircuit Breaker
# cat default.pp# cat default.pp
lookup(lookup('circuit_breaker_key''circuit_breaker_key', Boolean, Boolean))
Exec { path => [Exec { path => [ "/bin/""/bin/",, "/sbin/""/sbin/" ,, "/usr/bin/""/usr/bin/",,
"/usr/sbin/""/usr/sbin/" ] }] }
Package {Package {
allow_virtual =>allow_virtual => truetrue,,
}}

Circuit BreakerCircuit Breaker
[root@php72 ~]# puppet agent -t[root@php72 ~]# puppet agent -t
......
Error: Could not retrieve catalog from remote server:Error: Could not retrieve catalog from remote server:
Error 500 on SERVER: Server Error: Function lookup()Error 500 on SERVER: Server Error: Function lookup()
did not find a value for the name 'circuit_breaker'did not find a value for the name 'circuit_breaker'
on node php72.website.vagranton node php72.website.vagrant
Warning: Not using cache on failed catalogWarning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping runError: Could not retrieve catalog; skipping run

Liskov Substitution PrincipleLiskov Substitution Principle
““Derived classes must be substitutableDerived classes must be substitutable
for their base classes”for their base classes”

Using TypesUsing Types
classclass nginx (nginx (
$temp_path = ‘/tmp’$temp_path = ‘/tmp’,,
$confd_only$confd_only == falsefalse,,
$daemon$daemon == undefundef,,
$severity$severity == 'error''error',,

classclass nginx (nginx (
Stdlib::AbsolutepathStdlib::Absolutepath $temp_path = ‘/tmp’$temp_path = ‘/tmp’,,
BooleanBoolean $confd_only$confd_only == falsefalse,,
Optional[Enum[Optional[Enum['on''on',, 'off''off']]]] $daemon$daemon == undefundef,,
Nginx::SeverityNginx::Severity $severity$severity == 'error''error',,

# cat modules/nginx/types/serverity.pp# cat modules/nginx/types/serverity.pp
type Nginx::Severity = Enum[type Nginx::Severity = Enum[
'debug''debug',,
'info''info',,
'notice''notice',,
'warn''warn',,
'error''error',,
'crit''crit',,
'alert''alert',,
'emerg' # lint:ignore:trailing_comma'emerg' # lint:ignore:trailing_comma
]]

Interface Segregation PrincipleInterface Segregation Principle
““Make fine-grained interfaces that areMake fine-grained interfaces that are
client specific”client specific”

DRY – Dont Repeat YourselfDRY – Dont Repeat Yourself
““...”...”

DRYDRY
modules grep -r "apache::vhost" . | wc -l❯
75

Profiles & Defined TypesProfiles & Defined Types
create_resources(create_resources( 'apache::vhost''apache::vhost',, $vhosts$vhosts,, $vhost_defaults$vhost_defaults ))
VSVS
create_resources(create_resources( '::profile_symfony::vhost''::profile_symfony::vhost',, $instances$instances ))
create_resources(create_resources( '::profile_drupal::vhost''::profile_drupal::vhost',, $instances$instances ))

Dependency Inversion PrincipleDependency Inversion Principle
““Depend on abstractions, not onDepend on abstractions, not on
concretions”concretions”

include profiles::firewallinclude profiles::firewall
}}

classclass role::webserver {role::webserver {
include profiles::phpinclude profiles::php
include profiles::firewallinclude profiles::firewall
}}

Defined TypesDefined Types
definedefine profile_static_app::vhost(profile_static_app::vhost(
StringString $public_name$public_name,,
StringString $internal_name$internal_name,,
StringString $package_name$package_name,,
StringString $docroot$docroot == "/var/vhosts/"/var/vhosts/${name}${name}"",,
BooleanBoolean $force_ssl$force_ssl == truetrue,,
BooleanBoolean $letsencrypt$letsencrypt == truetrue,,
BooleanBoolean $package_ensure$package_ensure == 'installed''installed',,
Enum[Enum['apache''apache',,'haproxy''haproxy',, 'none''none']] $rproxy_type$rproxy_type == 'apache''apache',,
StringString $rproxy_basicauth$rproxy_basicauth == 'ldap''ldap',,
StringString $custom_fragment$custom_fragment == '''',,
Array[String]Array[String] $internal_aliases$internal_aliases = []= [],,
Array[String]Array[String] $public_aliases$public_aliases = []= [],,
) {) {
::profile_static_app::instance {::profile_static_app::instance {$public_name$public_name::
package_name =>package_name => $package_name$package_name,,
ensure =>ensure => $package_ensure$package_ensure,,
}}
::profile_apache::vhost{::profile_apache::vhost{ $public_name$public_name::
docroot =>docroot => $docroot$docroot,,
internal_name =>internal_name => $internal_name$internal_name,,
internal_aliases =>internal_aliases => $internal_aliases$internal_aliases,,
public_name =>public_name => $public_name$public_name,,
public_aliases =>public_aliases => $public_aliases$public_aliases,,
force_ssl =>force_ssl => $force_ssl$force_ssl,,
letsencrypt =>letsencrypt => $letsencrypt$letsencrypt,,
rproxy_type =>rproxy_type => $rproxy_type$rproxy_type,,
rproxy_basicauth =>rproxy_basicauth => $rproxy_basicauth$rproxy_basicauth,,
custom_fragment =>custom_fragment => $custom_fragment$custom_fragment,,
}}
}}

php::fpm::pool {php::fpm::pool { $name$name::
access_log =>access_log => $acces_log$acces_log,,
listen =>listen => $fpm_listen$fpm_listen,,
pm =>pm => $process_manager$process_manager,,
pm_status_path =>pm_status_path => "/"/${name}${name}_status"_status",,
}}
profile_base::logrotate::file {profile_base::logrotate::file { ""${name}${name}-pool"-pool"::
location => [location => [$acces_log$acces_log]],,
}}
ifif $create_cachetool_config$create_cachetool_config {{
::profile_php::cachetool::config {::profile_php::cachetool::config { $name$name::
fpm_listen =>fpm_listen => $fpm_listen$fpm_listen,,
location =>location => $cachetool_config_dir$cachetool_config_dir,,
}}
}}
ifif $enable_alerting$enable_alerting {{
notify {notify { 'no alerting to see here''no alerting to see here': }: }
}}
ifif $enable_ship_logs$enable_ship_logs {{
::profile_base::rsyslog::file {::profile_base::rsyslog::file { ""${name}${name}-pool"-pool"::
location =>location => $acces_log$acces_log,,
}}
}}
ifif $enable_ship_metrics$enable_ship_metrics {{
notify {notify { 'no metrics to see here''no metrics to see here': }: }
}}

ConclusionsConclusions
VV Single Responsibility PrincipleSingle Responsibility Principle
½½ Open-Closed PrincipleOpen-Closed Principle
½½ Liskov Substitution PrincipleLiskov Substitution Principle
½½ Interface Segregation PrincipleInterface Segregation Principle
¾¾ Dependency Inversion PrincipleDependency Inversion Principle

ContactContact
Bram VogelaarBram Vogelaar
+31 6 46 62 60 78+31 6 46 62 60 78
bram.vogelaar@inuits.eubram.vogelaar@inuits.eu
@attachmentgenie@attachmentgenie
Inuits BEInuits BE
Essensteenweg 31Essensteenweg 31
2930 Brasschaat2930 Brasschaat
BelgiumBelgium
Inuits NLInuits NL
Maashaven Zuidzijde 2Maashaven Zuidzijde 2
3081 AE Rotterdam3081 AE Rotterdam
NetherlandsNetherlands

Solid and Infrastructure as Code

More Related Content

What's hot (20)

Similar to Solid and Infrastructure as Code (20)

More from Bram Vogelaar (20)

Recently uploaded (20)

Solid and Infrastructure as Code